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METHOD AND APPARATUS FOR SELECTIVE M OCKING OF 
w AUTO FREQUENCY IDENTIFICATI ON DEVICES 

Related Applicationfs) 

The present application claims the priority of U.S. Provisional Patent Application Serial 
No. 60/468,750, filed May 8, 2003 and entitled "The Wildcard-Tag: Selective Jamming for 
Consumer Privacy," and U.S. Provisional Patent Application Serial No. 60/471,187, filed May 
16, 2003 and entitled "The Blocker Tag: Selective Blocking of RFID Tags for Consumer 
Privacy," the disclosures of which are incorporated by reference herein. 

Field of the Invention 

The present invention relates generally to radio frequency identification (RFID) tags or 
other types of RFID devices, and more particularly to techniques for providing enhanced privacy 
in conjunction with the use of such devices. 



Back ground of the Invention 

A conventional RFID tag typically comprises an integrated circuit transceiver capable of 
transmitting a unique serial number or other identifying information to a nearby reader in 
response to a query from the reader. Many RFID tags are "passive" in that they do not include a 

20 battery or other power source, but instead obtain the power necessary to operate from the query 
signal itself. RFID tags are expected to replace printed barcodes in consumer product 
applications. Also, ongoing RFID tag development efforts have led to significant cost and size 
reductions, which should result in a rapid proliferation of RFID tags into many new areas of use. 
For example, proposals have recently been made to integrate RFID tags into currency. 

25 The impending ubiquity of RFID tags, however, also poses a potentially widespread 

threat to consumer privacy. The simplest RFID tag will broadcast its unique identifying 
information to any nearby reader. The movements of a given consumer or other user can 
therefore be readily tracked by simply monitoring the RFID tags in goods carried by or 
otherwise associated with that user. 
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A number of conventional approaches attempt to address the privacy threats associated 
with RFID tags. 

A straightforward approach for the protection of consumer privacy is to "kill" RFID tags 
before they are placed in the hands of consumers. More specifically, an RFID tag can be killed 
5 upon purchase of the tagged product, by sending a special kill command to the tag. A killed tag 
is truly dead, and can never be re-activated. As an example, a supermarket might use RFID tags 
to facilitate inventory management and monitoring of shelf stocks. To protect consumer privacy, 
checkout clerks would kill the tags of purchased goods, such that no purchased goods would 
contain active RFID tags. There are many environments, however, in which simple measures 
10 like kill commands are unworkable or undesirable for privacy enforcement. For example, 
consumers may wish RFID tags to remain operative while in their possession, so as to be 
utilizable by home appliances or other user devices equipped with RFID tag readers. 

Another approach involves shielding an RFID tag from scrutiny by enclosing it in a 
Faraday cage, that is, a container made of metal mesh or foil that is impenetrable by RF signals. 
15 RFID tags will inevitably see use, however, in a vast range of objects, including clothing and 
wristwatches, that cannot be placed conveniently in containers. Faraday cages thus represent at 
best only a partial solution to the consumer privacy problem. 

Active jamming of RF signals is another, related physical means of shielding RFID tags 
from view. A consumer could carry a device that actively broadcasts RF signals so as to block 
20 or otherwise disrupt the operation of any nearby RFID tag readers. This crude approach raises 
legal issues relating to broadcast power levels, and could cause severe disruption of all nearby 
RFID systems, even those in legitimate applications where privacy is not a concern. 

Another general approach is to make the RFID tags "smarter," so that they interact with 
readers in a way that better protects privacy, while still providing the desired active 
25 functionality. This would typically involve the use of cryptographic methods. More particular 
examples requiring cryptographic functionality implemented on the tags themselves include the 
"hash-lock" and "silent tree-walking" techniques described in S.A. Weis et al., "Security and 
privacy aspects of low-cost radio frequency identification systems," Proceedings of the First 
International Conference on Security in Pervasive Computing, 2003, and S.A. Weis, "Radio- 
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frequency identification security and privacy," Master's thesis, MIT, June 2003. However, the 
severe cost constraints on basic RFID tags may preclude implementation of such tag-based 
cryptographic functionality in practical applications. 

Other techniques of this type which avoid the need for tag-based cryptographic 
5 functionality include the external agent re-encryption technique described in A. Juels and R. 
Pappu, "Squealing Euros: Privacy protection in RFID-enabled banknotes" Financial 
Cryptography '03, R. Wright, editor, Springer-Verlag, 2003; and the universal re-encryption 
technique described in P. Golle et aL, "Universal re-encryption for mixnets," 2002. However, 
these re-encryption techniques require significant computational infrastructure external to the 
10 tags, and are thus likely to be unduly burdensome in practice. 

It is therefore apparent that a need exists for improved techniques for providing cost- 
effective consumer privacy protections in practical RFID tag applications, in such a manner that 
the legitimate tracking capabilities of the tags are not undermined, and without requiring the use 
of tag-based cryptographic functionality or additional computational infrastructure external to 
15 the tags. 

Summary of the Invention 

" The present invention in accordance with one aspect thereof provides techniques for 
enhanced privacy in an RFID system. The RFID system generally includes a plurality of RFID 

20 devices, each having an associated identifier, and at least one reader which communicates with 
one or more of the devices. A blocker device is operative to receive a communication directed 
from the reader to one or more of the RFID devices, and to generate, possibly based on 
information in the received communication, an output transmittable to the reader. The output 
simulates one or more responses from at least one of the RFID devices in a manner winch 

25 prevents the reader from determining at least a portion of the identifier of at least one of the 
RFID devices. The blocker device may itself comprise one of the RFID devices, and thus may 
•have one of the identifiers associated therewith. 

In an illustrative embodiment, the output generated by the blocker device interferes with 
the normal operation of a singulation algorithm implemented by the reader, by selectively 
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blocking the reader from singulating certain device identifiers in a designated privacy zone or in 
accordance with a specified privacy policy. The singulation algorithm may be a tree-walking 
singulation algorithm, an ALOHA singulation algorithm, or any other type of singulation 
algorithm utilizable by a reader in determining particular device identifiers. 

5 Advantageously, an RFID device or other blocker device configured to include a 

selective blocking feature in accordance with the invention provides enhanced consumer privacy, 
without significantly undermining the effectiveness of the device as a tracking mechanism prior 
to consumer possession thereof. Moreover, such protection is provided in a particularly cost- 
effective manner, without significantly increasing the complexity of the RFID devices or the 

10 device reader. 

These and other features and advantages of the present invention will become more 
readily apparent from the accompanying drawings and the following detailed description. 

Brief Description nf the Drawings 

15 FIG. 1 is simplified block diagram of an example RFID system in which the present 

invention is implemented. 

FIG. 2 illustrates one possible implementation of an RFID device reader of the FIG. 1 

system. 

FIG. 3 shows an example of a tree-walking algorithm utilizable in an illustrative 

20 embodiment of the invention. 

FIG. 4 illustrates the manner in which a privacy zone can be created in the tree-walking 

example of FIG. 3 utilizing the techniques of the invention. 

FIGS. 5, 6 and 7 are flow diagrams of example processes for implementing selective 
blocking with specified privacy zones in the RFID system of FIG. 1. 



25 



Detailed Desc ri ption of the Preferred Embodiments 

The present invention will be described herein with reference to an exemplary RFID 
system in which multiple RFID devices communicate with an RFID device reader. It is to be 
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appreciated, however, that the invention is not restricted to use in this or any other particular 

RFID system configuration. 

The term "RFID device" as used herein is intended to include an RFID tag or any other 
• type of device configurable for transmission of device-identifying information via radio 
5 frequency communications. Although the following description will refer primarily to RFID 

tags, it is to be understood that the techniques disclosed are more generally applicable to other 

types of RFID devices. 

The device-identifying information may be a serial number or any other type of 
identifier, also generally referred to herein as an ID. It should be noted that not every identifier 
10 in a given set of unique identifiers need have a corresponding realized device. 

The term "blocker device" as used herein is intended to include a blocker tag or other 
RFID device, or more generally any other type of device, which incorporates full or selective 
blocking functionality in accordance with the invention. A blocker device may therefore be an 
RFID tag or other RFID device configurable for transmission of device-identifying information 
15 via radio frequency communications, or may be another type of device which is not so 
configurable or does not otherwise have an identifier associated therewith. For example, a 
blocker device may comprise a mobile telephone, a portable computer, a personal digital 
assistant (PDA), a hardware-based authentication token such as an RSA SecurlD® token 
commercially available from RSA Security Inc. of Bedford, Massachusetts, U.S.A., or any other 
20 type of processing device in which full or selective blocking functionality in accordance with the 
invention may be implemented. 

The term "reader" as used herein is intended to include any type of device capable of 
interacting with an RFID tag or other RFID device so as to receive device-identifying 
information therefrom. 

25 FIG. 1 shows an RFID system 100 in which the present invention is implemented. The 

system 100 includes a number of RFID tags 102, more particularly denoted T\, T 2 , . . . T„, and an 
RFID reader 104. The notation T\, T 2 , . . . T n is also used herein to refer to the particular tag IDs 
of the tags 102. The reader 104 communicates with the tags 102 and receives identifying 
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information therefrom, utilizing the techniques of the present invention. The reader 104 is 
coupled via a network 106 to servers denoted 108, 1 10. 

In accordance with an aspect of the invention, one or more of the tags 102 are configured 
with an ability to block the operation of a singulation algorithm utilized by the reader 104 in 

5 order to provide enhanced privacy for a user of the tag. A given tag configured in this manner is 
referred to herein as a "blocker tag." The manner in which such tags interfere with the operation 
of the reader 104 will be described in greater detail below. 

The network 106 may represent a global computer network such as the Internet, a wide 
area network (WAN), a local area network (LAN), a satellite network, a telephone or cable 

10 network, or various portions or combinations of these and other types of networks. The servers 
108, 110 may be conventional processor-based information processing devices of a type 
conventionally utilized in conjunction with RFID readers in an RFID system. 

The particular number n of tags 102 in the system 100 is purely arbitrary, and the system 
can be configured to support any desired number of tags. Also, although only a single reader 

15 104 is shown in the figure for simplicity and clarity of illustration, the system will typically 
include multiple readers. Furthermore, it should be noted that a given reader need not be 
connected to a network, and may instead operate as a stand-alone device. 

FIG. 2 shows one possible implementation of the reader 104 of the FIG. 1 system. The 
reader in this implementation includes a processing block 200, comprising a processor 202 

20 coupled to a memory 204, a network interface 206, an RF transceiver 210, and an antenna 212. 
One or more of these elements may be implemented in whole or in part as a conventional 
microprocessor, digital signal processor, application-specific integrated circuit (ASIC) or other 
type of circuitry, as well as portions or combinations of such circuitry elements. Software 
programs for controlling the operation of the reader 104 may be stored in the memory 204 and 

25 executed by the processor 202. 

As indicated previously, the present invention in accordance with one aspect thereof 
implements one or more of the tags 102 as blocker tags. Such tags are configurable to disrupt 
the normal operation of the reader in a manner that provides enhanced privacy protection without 
undermining the effectiveness of the tags as a tracking mechanism prior to consumer possession 
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thereof. This is achieved in the preferred embodiments by selectively interfering with a 
singulation algorithm implemented by the reader. 

A given RFID tag in accordance with the invention generally includes circuitry 
comprising memory, processing logic and an RF transceiver. These elements may be configured 
5 in a manner similar to that used in conventional RFID tags, with straightforward modification to 
implement a blocking technique as described herein. 

A typical RFID reader is generally only able to communicate with a single RFID tag at a 
time. If more than one tag responds to a query by the reader, the reader detects a collision and 
executes a singulation algorithm which allows the reader to communicate with the conflicting 

10 tags one at a time. 

Conventional RFID tag systems typically operate at a frequency of either 13.56 MHz or 
915 MHz. Those operating at 915 MHz commonly utilize a tree-walking singulation algorithm, 
while those operating at 13.56 MHz usually utilize an ALOHA singulation algorithm. Other 
frequencies, such as 125 kHz and 2.45 GHz, are also used, and employ similar singulation 

15 algorithms. 

The blocking techniques of the present invention will initially be described with 
reference to an illustrative embodiment in which the reader 104 is assumed to utilize a 
conventional tree-walking singulation algorithm to determine the ID associated with a particular 
RFID tag. 

20 Examples of selective blocking in this tree-walking singulation context will be described 

in conjunction with FIGS. 3, 4 and 5. Other embodiments of the invention, based on an ALOHA 
singulation algorithm, will then be described in conjunction with FIGS. 6 and 7. 

The tree-walking singulation algorithm enables the reader 104 to identify the IDs of 
nearby tags individually by means of a bit-by-bit query process resembling a depth-first search 

25 of a binary tree. 

Assume that the tags 102 in the system 100 of FIG. 1 bear unique IDs of a fixed bit- 
length k. Example values of A: include 64, 96 or 128, although any value can be used. 
Let || denote the concatenation operator for bit strings. 
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The set of all possible it-bit IDs can be viewed as the leaves of a standard binary tree of 
depth k. The root of this tree has depth 0 and is labeled with the empty string. A node of depth d 
is labeled with a binary string x of length d; if d < k, then the node has two children at depth d + 
1: a "left child" with label xO, and a "right child" with label xl. (Here xO means x || 0 and xl 
5 means x || 1.) 

We regard the branches of a given node in this tree as bearing labels '0' and T, 
associated with the respective left and right branches. Thus a node at depth d in this tree may be 
uniquely identified by a binary prefix B = b x b 2 ... b d , representing the sequence of branch labels 
of branches traversed in a path from the root to the node. It follows that each of the 2* leaves in 
10 the tree has a unique associated it-bit string. We view each such leaf as representing a distinct 
possible tag ID. 

The tree-walking singulation algorithm is a recursive depth-first search performed by a 
reader 104 in the following manner. 

Let the subtree of a given node of the tree denote all the descendents of that node in the 

15 tree. 

The reader initiates the tree- walking singulation algorithm at the root of the tree. 
Starting at a given node B = b\b 2 ... b d , the reader queries all tags bearing IDs in the 
leaves of the corresponding subtree, i.e., all tags whose IDs bear the prefix B; all other tags are 
' instructed to remain silent. 
20 The queried tags reply to the reader with the d + 1-st bit in their IDs; i.e., each tag 

broadcasts a '0' if it lies in the left subtree of the node B, and a « 1 ' if it lies in the right subtree. 
Consequently, if there are tags in both the left and right subtrees of B, then the tags together 
simultaneously broadcast both a '0' and a '1', creating a collision in the broadcast bit. 

In this case, when a collision is detected, the reader recurses (sequentially in turn) 
25 beginning at its child nodes B || 0 and B || 1 . 

If, on the other hand, the tags all reply with only a single bit b, i.e., they all lie in the 
same subtree, then the reader recurses on the node B \\ b, and ignores the other (empty) subtree. 
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When the algorithm reaches a leaf (at depth k), it outputs the associated fc-bit sequence, 
which is the ID of the tag just read. The full output of the singulation algorithm is a list of the 
IDs of all tags within range. 

The running time of this singulation algorithm is bounded by the product of k and the 

5 number of tags being read. 

It should be noted that the particular tree-walking algorithm described in detail above is 
simply one type of tree- walking algorithm that may be utilized in conjunction with the invention. 
Numerous variants of this particular tree-walking algorithm, as well as other types of tree- 
walking algorithms, may also be used. For example, one such variant may involve transforming 

10 the order of the identifier bits using a fixed permutation. This would help reduce the number of 
collisions in initial bits, since unique identifiers carry more randomness than, e.g., product 
identifiers. 

FIG. 3 shows a simple example illustrating the operation of the particular tree-walking 
singulation algorithm described in detail above. The binary tree shown in the figure is of depth 
15 3, and has 2 3 = 8 unique tag IDs represented at its leaves. The prefixes associated with subtrees 
are denoted in italics. 

In this example, we consider three tags as being present, namely the '001', 'Oil' and 
'110' tags. These are indicated by large black circles at their respective leaves. 

The tree-walking singulation algorithm here first singulates the '001' tag. It does this by 
20 following the path denoted by the darkened edges. At two nodes, namely the root of the tree and 
the root for all tags with a '0' prefix, there are collisions in the bits broadcast by the tags, 
because there are tags present in both the left and right subtrees. We denote these collision- 
points with hollow circles. Singulation of the '011' and '110' tags would follow by recursion on 
the collision points. 

25 A property of the tree-walking singulation algorithm is that all tags whose IDs share a 

common prefix lie in a common subtree. 

Thus, for example, if all products produced by a particular manufacturer share a common 
prefix, all IDs on tags for products of that manufacturer lie in a common subtree. These IDs are 
all scanned sequentially by the tree-walking singulation algorithm. 



9 



Attorney Docket No. 4414-37 

More generally, different ID prefixes may correspond to different zones of the space of 
possible IDs. For example, all IDs beginning with a '1' may be viewed as being in a "privacy 
zone," or all IDs beginning with '010' may be viewed as being in a "recycling zone." The 
careful allocation of ID prefixes allows the establishment of multiple zones of IDs that may be 
utilized in conjunction with the selective blocking techniques of the invention, as will be 

described in greater detail below. 

As mentioned previously, one or more RFID tags, referred to herein as blocker tags, are 
configured to deliberately interfere with the tree-walking singulation protocol. A blocker tag in 
the illustrative embodiment does not engage in an active form of jamming. Rather, by 
participating in the tag-reading process in a non-compliant way, it performs what may be thought 
of as a kind of passive jamming. 

In one possible implementation, a given blocker tag simulates the full spectrum of 
possible tag IDs, thereby obscuring the IDs of all tags. The blocker tag in this case effectively 
overwhelms the tree-walking singulation protocol by forcing it to sweep the full space of all 
possible tag IDs, which is extremely large. 

More specifically, a basic blocker tag of this type simulates the full set of 2* possible tag 
IDs, and is also referred to herein as a full blocker tag or a universal blocker tag. Such a blocker 
tag, when carried by a consumer, creates a physical region of privacy protection in which a 
reader is incapable of singulating tags. 

In operation, whenever the reader queries the tags in the subtree of a given node B for 
their next bit value, the full blocker tag simultaneously broadcasts both a '0' bit and a '1' bit. 
This may be accomplished, for example, by equipping the blocker tag with two distinct antennae, 
or using other suitable transmission mechanisms. These and numerous possible implementations 
of the blocker tag will be readily apparent to those skilled in the art given the teachings provided 
herein. The forced collision directs the reader to recurse on all nodes, thereby causing the reader 

to explore the entire tree. 

If the reader had enough time, memory, and processing power to complete the tree- 
walking singulation algorithm in these circumstances, it would output the entire set of all 2* 
possible tag IDs. However, this set is very large, and the reading process is designed to execute 



10 



Attorney Docket No. 4414-37 

very rapidly. In practice, therefore, the reader may be expected to stall after reaching only a few 
hundred leaves in the tree. The net effect is that the full blocker tag "blocks" the reading of all 
tags. 

In other implementations, a blocker tag in accordance with the invention may be 
5 configured to prevent singulation across certain restricted ranges of tag IDs. Thus, it is possible 
to designate a particular zone, that is, a range of IDs, such as all those with a leading '1' bit, as 
subject to the privacy protection of the blocker tag. Such a blocker tag is referred to herein as a 
selective blocker tag or a partial blocker tag. As will be shown below, this selective-blocking 
feature may be used to protect items in the hands of consumers, while at the same time 
1 0 permitting unimpeded reading of tags in commercial environments. 

FIG. 4 illustrates how such a privacy zone can be created in the k = 8 example of FIG. 3. 
The tree structure shown in FIG. 4 is the same as that of FIG. 3. However, in the FIG. 4 
arrangement, a privacy zone is created in the right subtree of the root node. The privacy zone is 
created by configuring the selective blocker tag such that it replies to the reader only during that 
15 portion of the execution of the tree- walking singulation algorithm that corresponds to the right 
subtree of the root node. This selective-blocking feature would have the effect of obstructing 
only the reading of tags that bear a T prefix in their IDs, while tags having IDs that begin with a 
'0' bit could be read without interference. A selective blocker tag can thus target a particular 
zone for protection. 

20 Also, a given tag can be transferred from outside the privacy zone into the privacy zone, 

for example, upon purchase of a corresponding tagged item by a consumer. This transfer process 
is also illustrated in FIG. 4, which shows the 'Oil' tag being transferred into the privacy zone by 
flipping its first bit from '0' to ' 1 '. 

Transfers may also be made from within the privacy zone to outside the privacy zone, in 

25 a similar manner. 

Such transfers may be controlled through use of a personal identification number (PIN), a 
password, a cryptographic authentication mechanism, or other suitable technique. 

FIG. 5 is a flow diagram showing an example selective blocking process implemented in 
the system 100 using the techniques of the invention. 
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In step 500, reader 104 issues a query for an ID subset S in conjunction with a tree- 
walking singulation algorithm of the type previously described. A given one of the RFID tags 
102 configured as a selective blocker tag having a privacy zone P then performs the operations 
shown in steps 502, 504 and 506. In step 502, the selective blocker tag determines if the 
intersection of S and P is the empty set. If so, the selective blocker tag makes no broadcast, as 
indicated in step 504. Otherwise, the selective blocker tag simulates a bit collision in step 506 
by broadcasting both a '0' and a ' 1 '. 

Advantageously, a given selective blocker tag may be easily and inexpensively 
configured so as to block reading of all tag IDs with an arbitrary prefix or set of prefixes. More 
generally, a selective blocker tag may be designed to simulate, and thus block the reading of, tag 
IDs satisfying any of a number of specified conditions, such as those matching a given regular 
expression. 

It should also be noted that a full or selective blocker tag may be used in a malicious 
manner, namely as a tool for mounting denial-of-service attacks. Such a blocker tag might be a 
full blocker tag that shields the full spectrum of IDs from reading, or might be a selective blocker 
tag that targets a particular range, for example, the set of IDs assigned to a particular 
manufacturer. A malicious blocker tag of this type might be used to disrupt business operations 
or to help perpetrate petty theft by shielding merchandise from inventory-control mechanisms. 
A number of techniques for detecting the presence of a malicious blocker tag will be described 
elsewhere herein. 

Another issue that arises in the selective blocker tag context is that blocking certain zones 
may automatically lead to the inadvertent blocking of other zones. For example, if IDs 
beginning with '0' are blocked, then the reader may never get around to reading IDs beginning 
with '1'. Therefore, it may be preferable in certain applications to provide a mechanism for 
informing the reader not to attempt to read within certain subtrees. That is, the reader needs to 
know when a subtree is being blocked, so that it can proceed to other parts of the tree without 
stalling on the blocked subtree. 

A number of different techniques may be used to configure the tree-walking singulation 
algorithm such that it works efficiently even in the presence of selective blocker tags. Generally, 
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such techniques configure the tree-walking singulation algorithm such that it ignores subtrees 

that are being blocked. 

For example, when at a given node, the basic tree-walking singulation algorithm asks all 
tags corresponding to leaves in the subtree of that node to broadcast their "next bit," that is, the 
label on the next branch from the node towards the leaf in question. The basic algorithm may be 
augmented in accordance with the invention such that the reader first determines for a given 
node whether the subtree rooted at this node is being blocked. Such a determination could be 
made via an appropriate query generated by the reader. More specifically, the reader may in 
effect pose the special query: "Is the subtree rooted at this node being blocked?" If the subtree 
is not being blocked, then the reader would proceed to ask the standard next-bit question. 

This aspect of the invention is referred to herein as "polite blocking," since the selective 
blocker tag is being polite by informing the reader as to which subtrees are being blocked. 

Another form of polite blocking configures a given selective blocker tag to inform 
readers as to the particular selective blocking policy being implemented. This technique may 
make use of a small, designated range of "virtual" tag IDs t, t + 1, ... , t + k, each corresponding 
to one of a range of standard, pre-specified policies labeled 0, 1, ... , k. In order to indicate that it 
is implementing privacy policy i, a selective blocker tag can simulate the presence of a tag with 
ID t + i. Such unary representation of policy numbers allows a reader that encounters multiple 
selective blocker tags to decipher the full policy set. 

This policy announcement approach is generally only viable for signaling one of a 
relatively small set of pre-established privacy policies. It is particularly well suited for use with a 
small number of designated privacy zones. In general, policy announcement is less flexible than 
the approach of permitting any node to declare that its subtree is protected. On the other hand, it 
may be important not to allow selective blocker tags to implement an indiscriminately rich set of 
privacy policies, as a policy can then become a unique identifier, or at least distinct enough to 
undermine the policy of its bearer. 

An important advantage of the blocker tag approach of the present invention is its very 
low implementation cost. The blocker tags themselves generally may be implemented using 
otherwise conventional RFID tags with only very slight circuit modifications to implement the 
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functionality described above. Moreover, the tags do not require any cryptographic 
functionality. No significant modifications to existing consumer-product RFID tags are 
required. The only significant overhead costs are those associated with management of a 
password for each standard RFID tag, to authorize it to change privacy zones. Thus, the blocker 
5 tag approach has low overhead costs, comparable to those associated with the "kill" command 
approach, but is much more flexible and useful for protecting privacy. 

To ensure its attractiveness as a widespread tool for protection of consumer privacy, the 
blocker tag will preferably create little or no disruption of normal RFID-based commercial 
processes like inventory control. In this context, a full blocker tag would generally be 
1 0 counterproductive in that it would provide privacy protection, but at the cost of indiscriminately 
disrupting all RFID-tag reading in its vicinity. Selective blocker tags avoid this problem, and are 
therefore a preferred implementation of the invention. 

With the use of privacy zones in conjunction with dynamic alteration of tag IDs, it is 
possible to implement a range of privacy policies that simultaneously satisfy the needs of 
1 5 consumers and businesses. As indicated previously, tag IDs may be transferred inside or outside 
privacy zones depending upon the situations in which they are used. 

In a simple implementation of a selective blocker tag, the privacy zone comprises the 
subtree of a single node, and thus corresponds to a set of IDs having a common binary prefix. An 
example of such a privacy zone comprising the right half of the tag ID tree, namely all serial 
20 numbers whose leading bit consists of a ' 1 ' , was previously described in conjunction with FIG. 
4. The following example illustrates in greater detail how a privacy zone of this type might be 
used in a retail setting. 

Example 1 

25 Privateway Supermarkets makes use of selective blocker tags whose privacy zone 

consists of all IDs with a leading T bit. Packages in Privateway Supermarkets each bear an 
RFID tag with a unique ID used for purposes of inventory control. As initially programmed, and 
while an item is inside the supermarket or its warehouses, the tag ID carries a leading '0' bit. At 
this point, the selective blocker tags do not disrupt the ordinary reading of other tags. 
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When the RFID tag reader at a cash register scans an item for purchase by a customer, it 
also transmits a tag-specific key to the RFID tag on the item, causing the leading bit in the tag ID 
to flip to a '1'. The key should be secret so as to prevent an attacker from transferring tag IDs 
arbitrarily into the privacy zone. Privateway Supermarkets also provides its customers with free 

5 selective blocker tags. These may be available, for example, embedded in shopping bags at 
registers, as stickers to be placed on items, or using other suitable mechanisms. 

When Alice returns home from her shopping trip to Privateway Supermarkets, she 
unmasks items in the privacy zone by detaching them from shopping bags or removing their 
privacy-enhancing stickers. To ensure that stickers no longer perform blocking when removed, 

10 they may be constructed to deactivate completely upon removal, for example, by detachment of 
their antennae. Bags might similarly be equipped with deactivation mechanisms. Personal 
blocking devices, of course, may be equipped with on/off or policy-setting switches. When the 
items are placed in a "smart" refrigerator, an attached RFID reader tallies the contents. By 
keeping track of this inventory, Alice's home computer can print out a list of items for purchase 

1 5 on Alice's next trip to the supermarket. 

A technique such as that utilized in Example 1 above could be incorporated into an 
otherwise conventional EPC system of a type specified by the MIT AutoID center. See, for 
example, D.L. Brock, "The electronic product code (EPC): A naming scheme for objects," 

20 Technical Report MIT-AUTOID-WH-002, MIT Auto ID Center, 2001, 
http://www.autoidcenter.org, which is incorporated by reference herein. An EPC comprises 96 
bits, sequentially partitioned as follows: (1) an 8-bit header; (2) a 28-bit "EPC-manager" code, 
designating the organization that owns the tag; (3) a 24-bit "object-manager" code, designating 
the class of object as determined by the EPC manager; and (4) a 36-bit serial number that 

25 uniquely identifies the object. 

Thus the privacy technique of Example 1 could be implemented by having one of the bits 
of the object-manager code designated as a standard privacy bit. All selective blocker tags could 
then be assigned a unique collective EPC-manager code. 
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Such an arrangement is reader friendly in that, to determine whether a selective blocker 
tag is present, a reader would initially check whether the EPC-manager code for selective 
blocker tags is present by following the corresponding path down the tree. Note that a selective 
blocker tag would simulate all EPC-manager codes, but a particular one would serve as an 
5 agreed-upon indicator of blocking. The privacy bit in the object-manager code for a tag could be 
flipped on or off according to the policies of the tag EPC manager. 

In many cases, it would be useful to have multiple, independent privacy zones. By 
associating different privacy-enhancing practices with different zones, it would be possible to 
maintain a collection of overlapping privacy policies. Different types of selective blocker tags 
10 might then be used to implement a variety of privacy policies. This aspect of the invention will 
be illustrated using the following examples. 

Example 2 

Suppose that the first two bits of tag IDs specify a desired privacy zone ranging from 
15 zero to three. Alice might carry a zone-one selective blocker tag in her wristwatch. So as to 
protect her clothing and personal appliances from scrutiny, all of these items would then be 
marked with a zone-one prefix. 

On the other hand, Alice might like to be able to handle groceries without blocking their 
tags. In this case, on checkout, her grocery items could be marked with a zone-two prefix, while 
20 privacy stickers for these items carry zone-two selective blocker tags. Thus, when the stickers 
are removed, Alice can handle them without her wristwatch blocker tag interfering with the 
reading process. Alice might choose, on the other hand, for her automobile to implement the 
strongest level of protection, blocking RFID tag reading in all four zones. 

25 Example 3 

As indicated previously, proposals have been made to embed RFID tags in currency. 
Using the techniques of the invention, IDs for these tags might be relegated to a special privacy 
zone for currency. 
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To protect the privacy of consumers, then, wallets could be equipped with embedded 
selective blocker tags or with credit-card-like devices bearing selective blocker tags. 

The presence of a currency-zone blocker tag would be easily detectable, as will be 
described below. Thus, in sensitive locations like airports, law-enforcement officials could take 
5 the approach of temporarily sequestering wallets in Faraday cages during security checks. They 
could then detect the presence of suspicious currency-zone blocker tags. In the absence of such 
tags, or following their identification and removal, it would be possible to monitor large and 
suspicious currency flows. The particular policies are obviously a subject for debate. However, 
the selective blocker tags of the present invention allow one to consider a range of policies that 
10 was heretofore unattainable. 

Law-enforcement officials would also be able to scan banknotes quickly and without 
impediment when they pass through financial institutions. 

Example 4 

15 As indicated above, RFID tags in consumer items may be configured in accordance with 

the techniques of the invention so that their IDs and other highly individual data can be 
transferred to a privacy zone. At the same time, to facilitate recycling, tags on plastic items 
might carry and readily broadcast their polymer-type number, for example, a value that ranges 
between 1 and 7. This could be accomplished, for instance, by having a special class of RFID 

20 tags used uniquely for recycling. 

A privacy risk in this approach is the effect of "clustering." In particular, the polymer 
numbers for a multiplicity of objects would together constitute a unique identifier. However, 
most common consumer items made of recyclable plastic, such as soda bottles, do not remain 
with a consumer in large quantities for very long. 

25 

Another possible use of multiple privacy zones, apart from the arrangements described in 
the foregoing examples, is in providing protection against spillover effects from selective 
blocker tags. For example, if Alice is carrying a selective blocker tag and standing in physical 
proximity to Bob, then her blocker tag may extend its disruptive effects to the reading of tags 

17 



Attorney Docket No. 4414-37 

carried by Bob. While Bob may be carrying tags whose IDs lie in a privacy zone, he may wish 
to have full control over the circumstances in which they are shielded. 

Given a reasonably large collection of privacy zones, for example, on the order of 100, 
every person might make use of a selective blocker tag protecting a fixed, random zone, and 
5 have his or her items marked accordingly. This would reduce the likelihood of spillover. 

It is important to note that there is a tradeoff between individual privacy and the number 
of possible privacy zones or associated policies. At an extreme, if each blocker tag were to 
implement a unique policy, then the policy itself would constitute a unique identifier. Thus, the 
set of possible privacy zones or associated policies in a given RFID system should not be so 
10 large as to risk undermining the desired privacy protection. 

Selective blocker tags in accordance with the invention may be made available from 
many sources. For example, merchants may include them for free with purchased goods, or 
consumers may be able to buy them at the checkout counter. Consumer rights organizations may 
supply them to consumers for nominal cost. The low implementation costs ensure that selective 
1 5 blocker tags may be cheaply and widely available. 

As noted above, blocker tags may be used in a malicious manner, namely as a tool for 
mounting denial-of-service attacks. For example, a blocker tag may be misused to circumvent 
an intended RFID reader for illegitimate purposes, through its ability to simulate multiple tag 
IDs. While legitimate privacy applications of the blocker tag also simulate multiple tag IDs, the 
20 malicious blocker tag does not respect the boundaries of an allowed privacy zone. 

RFID readers can be designed to cope with the intended blocker behavior within the 
privacy zone, but their basic functionality requires them to be able to read tags outside of this 
zone. Thus a malicious blocker tag effectively mounts a denial-of-service attack against the 
RFID reader protocol. Such attacks might be designed simply to disrupt service, or may be part 
25 of a scam used by petty thieves. 

A malicious blocker tag could attempt to simulate a particular distribution of tags in order 
to avoid detection. Regardless of this distribution, the number of simulated tags must be large 
enough to delay significantly the singulation protocol. 



18 



Attorney Docket No. 4414-37 

Detection of denial-of-service blocker attacks can therefore be implemented in a 
straightforward manner using a threshold detection approach. In this approach, an attack is 
assumed to be in progress if the number of perceived RFID tags exceeds some reasonable 
specified threshold, such as 1,000 tags at a retail checkout line. This threshold detection 
5 approach is simple and robust, as it does not rely on the exact behavior of the malicious blocker 
tag. In other words, this approach would work for either universal or selective blocker tags of a 
malicious kind. 

A more sophisticated detection technique may be implemented based on the use of 
prescribed tag ID ranges. For example, the reader could be connected to a database listing every 

10 valid tag in the range of IDs associated with a particular manufacturer. Such IDs may 
correspond, for example, to the "EPC manager" in an EPC. A tag having an ID that lies within 
the range but is not on the list could be identified as fraudulent. If tag IDs are at least partially 
random, it will be hard for an attacker to guess a valid ID. This defense is also not foolproof. 
For example, it does not protect against spoofing valid tag IDs that have been recorded 

1 5 previously by the attacker. In practice, this approach would also rely on access to manufacturer 
databases, which may be impractical in retail settings. 

Another possible detection approach is to utilize special-purpose readers to filter out 
malicious blocker tags. For example, if a few readers working together could estimate the 
location of the tags, they could ignore a multitude of fake tag IDs originating from a single 

20 location. However, such an approach could significantly increase the cost and complexity of the 
readers. 

As was mentioned previously, other embodiments of the invention are based on readers 
which utilize an ALOHA singulation algorithm. Embodiments of this type will now be 
described with reference to FIGS. 6 and 7. 
25 The ALOHA singulation algorithm is generally utilized for RFID tags that operate in low 

frequency ranges, such as the 13.56 MHz range. Use of the ALOHA singulation algorithm in 
this case aims at reducing reader-to-tag communications in order to meet restrictive 
electromagnetic compatibility regulations. Additional details regarding an example of a standard 
implementation of the ALOHA singulation algorithm can be found in MIT AutoID Center, 13.56 
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MHz ISM band class 1 radio frequency identification tag interference specification: Candidate 
recommendation, version 1.0.0, Technical Report MIT- AUTOID- WH-002, 2003, 
http://www.autoidcenter.org, which is incorporated by reference herein. This standard employs 
a protocol variant known as "slotted" ALOHA in which a given tag broadcasts its ID during a 
5 designated, independent time interval known as a "slot." 

The operation of the example ALOHA singulation algorithm is as follows. Let 7} denote 
the ID of a tag i. The function / denotes a general, preprogrammed function for scheduling tag 
responses. In the above-cited AutoID Center standard, this function / is left unspecified, and 
presumably may be selected by individual tag manufacturers. The example ALOHA singulation 
10 algorithm involves essentially the following steps: 

1 . The reader broadcasts S, the number of designated slots, and a random value R. 

2. Tag i computes a slot value s t =f{T u R, S) 6 [0, 1, ... , S - 1]. 

3. During slot s,-, tag i transmits 7} to the reader. 

In the event of a collision in given slot s /? i.e., a simultaneous reply from multiple tags, a 
15 reader is in general unable to receive any transmission. In other words, tag transmissions are 
lost. The ALOHA singulation algorithm aims to avoid such collisions through randomized 
scheduling of replies and selection of an appropriately large slot allocation S. There are a 
number of techniques for addressing the problem of collisions. For example, if many collisions 
occur, the algorithm may be re-run with a larger value 5. 
20 An additional feature of the slotted ALOHA singulation algorithm specified by the 

AutoID Center is referred to as a selection mask. This is a prefix broadcast by the reader to 
specify a subset of tags that should respond to its query. When a A>bit selection mask a is 
specified, a tag only transmits to the reader if a is an exact prefix of T h i.e., matches the first k 
bits. Also, when a selection mask a is specified, a tag transmits only the substring of its ID 7} 
25 that follows a. The selection mask is optional, and the absence of a selection mask is denoted 

herein by a null selection mask 

Blocker tags for the ALOHA singulation algorithm may operate according to essentially 
the same principles as those described previously in the case of the tree-walking singulation 
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algorithm. In particular, an ALOHA blocker tag may be configured to simulate transmission 
collisions during selected time slots. Two illustrative approaches for producing such blocking 
behavior in a selective manner will now be described. 

In the first approach, a privacy zone P may be specified in terms of a set of arbitrary- 
5 length prefixes 27= {a h a 2 , ... , o m }. If the reader specifies a selection mask a such that a t is a 
prefix of a or vice versa, then the blocker tag simulates collisions for all slots. Otherwise the 

blocker remains silent. Note that if 27 is not empty and a = i then the blocker will block all 
slots. 

FIG. 6 is a flow diagram illustrating one possible implementation of this first approach in 
10 system 100. In step 600, reader 104 issues a query on a selection mask a A given one of the 
RFID tags 102 configured as a selective blocker tag having a privacy zone P then performs the 
operations shown in steps 602, 604 and 606. In step 602, the selective blocker tag determines if 
there exists in the privacy zone P defined by the set of arbitrary-length prefixes an element p 
having the prefix cr. If so, the selective blocker tag makes no broadcast, as indicated in step 604. 
15 Otherwise, the selective blocker tag simulates a collision in step 606 for all time slots. 

As a more particular example of the first approach, assume that 27= {'0', '11'} for a 
given blocker tag. This tag will block the reading of all tags whose ID 7} has a leading '0' bit or 
the leading pair of bits 'IT. Thus, if the reader specifies any of the following selection masks, 

for example, then the blocker will be activated: '0', '1', '01', '110', i In contrast, if the reader 

20 specifies any of the following example selection masks, then the blocker will remain silent: '11', 
'110', '11000'. 

A drawback of this approach is that in order to read all tags lying outside the privacy 
zone specified by 27, the reader may have to make multiple queries. In the above example, for 
instance, the reader would have to make queries under selection masks '110' and '111' in order 
25 to read all tags outside the privacy zone. However, this should not be problematic provided that 
the privacy-zone specification 27 is suitably concise. 
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A second approach to blocking is possible through simulation of collisions only during 
selected time slots. The approach relies critically on the form of the function / In order to 
protect tags in a privacy zone P, i.e., every tag with an ID T e P, a blocker tag may simulate 
collisions in every time slot s such that s=f(R,T,S) for some T 6 P. In general, this approach 
5 may result in the blocking of tags outside the privacy zone P. Given suitable selection of/ and 
P, however, blocking behavior may proceed exactly as desired. 

FIG. 7 is a flow diagram illustrating one possible implementation of this second approach 
in system 100. In step 700, reader 104 marks a time slot s. A given one of the RFID tags 102 
configured as a selective blocker tag having a privacy zone P then performs the operations 
10 shown in steps 702, 704 and 706. In step 702, the selective blocker tag determines if there exists 
in the privacy zone P a tag ID T such that / (R, T,S) = s. If so, the selective blocker tag makes 
no broadcast, as indicated in step 704. Otherwise, the selective blocker tag simulates a collision 
in step 706 for time slot s. 

As a more particular example of the second approach, assume that S = 2 e for some value 
15 e, and that / simply computes a bitwise XOR of e-bit random value R and the e-bit prefix of tag 
ID Ti. In this case, a privacy zone P can be created consisting of all tag IDs with a leading T 
bit, i.e., to permit reading only of tags whose ID carries a leading '0' bit. Let r represent the 
leading bit of R. The blocker tag would simply simulate a collision in any slot s whose leading 
bit is equal to r XOR 1. 

20 A drawback of this second approach is its dependence on the function /implemented in a 

given tag. Without a widely implemented choice of /, blockers would not be able to achieve a 

consistent privacy policy. 

It remains valuable in ALOHA-based systems for blocker tags to block in a "polite" way, 

namely to specify their policies to readers. The policy-specifying technique described above for 
25 tree-walking singulation, in which a subtree is "marked" as subject to blocking, will generally 

not work in the ALOHA case. However, a number of other strategies are possible. An example 

of one such strategy will now be described. 

By analogy with the virtual tag technique described previously, we may specify a special 

prefix a* for blocker tags in the ALOHA case. The ID T t of a blocker tag i then assumes the 
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form Ti = a* || p { || P„ where || denotes string concatenation. The symbol p t denotes a random 
value, of appropriate length, specific to blocker tag /. The function of p,- is to prevent collisions 
between blocker tags, i.e., to randomize the computation of the slot s. Pi denotes a bitstring 
specifying the privacy policy of the blocker tag i. 
5 In order to learn the full set of privacy policies enforced by blocker tags within its 

vicinity, a reader issues an initial query under selection mask cr*. Blocker tags respond then in a 
manner similar to that of ordinary tags. In particular, each blocker transmits its policy P, in time 
slot / (R, p, 5). In contrast to an ordinary tag, a blocker does not transmit any other portion of 7}. 
The value p, in particular, should not be transmitted, as it would serve as a unique identifier. The 
10 reader thus receives the full set of policies of responding blockers. 

A blocker policy P may assume any of a number of forms. It might, for instance, be an 
encoded list of nodes whose corresponding subtrees lie in the privacy zone of the blocker tag, 
i.e., a set H of blocked prefixes. As another example, it may comprise a standardized privacy- 
zone identifier. 

15 It should again be emphasized that the particular selective blocking techniques described 

above are provided by way of illustration, and should not be construed as limiting the present 

invention to any specific embodiment or group of embodiments. 

For example, although described in the context of tree-walking and ALOHA singulation 

algorithms, the blocker tags of the present invention may be implemented in systems which 
20 utilize other types of singulation algorithms, or more generally in systems which utilize other 

techniques for allowing a reader to determine the unique identifiers associated with various 

RFID devices. 

In addition, the various simplifying assumptions made above in the course of describing 
the illustrative embodiments should also be viewed as exemplary rather than as requirements or 
25 limitations of the invention. 

As was noted previously herein, a consumer or other user may wish to alter the privacy 
policy implemented by a blocker device either temporarily or permanently under certain 
circumstances. For example, a consumer may wish to disable the blocker device so as to permit 
unimpeded reading of RFID tags for use in the home. One way of accomplishing this is to 
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provide a physical mechanism for setting the state of the blocker device, such as a physical dial 
or switch. Another is to provide an authenticated wireless protocol for blocker device policy 
changes. As a simple example of this latter type of approach, a blocker device might become 
activated or deactivated upon receiving a PIN or other form of authenticated signal from an 

5 RFID reader or other device capable of such transmission. Such arrangements generally provide 
a blocker device that is configurable such that a privacy policy implemented by the blocker 
device is selectable responsive to a command, although many other command formats and 
command delivery techniques may be used. 

It should be noted that the selective blocking techniques of the present invention can be 

10 used with tags that enhance their identifiers by pre-pending random or pseudorandom prefixes. 
In such an arrangement it may be helpful to precede the random prefix by a few static bits 
indicating the privacy policy. For example, an identifier might take the form: privacy bit || 
random string || identifier. The blocker tag in this case may block if the privacy bit is a T, but 
not block if the privacy bit is a 4 0'. The insertion of the random string would not otherwise 

1 5 affect the behavior of the blocker. 

It should also be noted that selective blocking in accordance with the present invention 
may be selective not with reference to an entire identifier, but instead with reference to a portion 
of an identifier. A given blocker tag may thus be configured so as to restrict access to certain 
portions of identifiers, rather than to block the reading of a tag on an all-or-nothing basis. For 

20 example, suppose that a blocker tag wants to permit reading of product codes, but not unique 
identifiers. In the case of the tree-walking algorithm, then, a blocker tag might simulate 
collisions below a certain level in the tree. In other words, it is possible to block selectively 
using an "object-oriented" approach. 

These and numerous other alternative embodiments within the scope of the appended 

25 claims will be readily apparent to those skilled in the art. 
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